pyftpdlib vulnerable to allocation of resources without limits
Moderate severity
GitHub Reviewed
Published
May 1, 2022
to the GitHub Advisory Database
•
Updated Jan 29, 2023
Description
Published by the National Vulnerability Database
Oct 19, 2010
Published to the GitHub Advisory Database
May 1, 2022
Reviewed
Jun 8, 2022
Last updated
Jan 29, 2023
The ftp_STOU function in FTPServer.py in pyftpdlib before 0.2.0 does not limit the number of attempts to discover a unique filename, which might allow remote authenticated users to cause a denial of service via a STOU command.
References